registry  /  @whfzgyx/ojo-canvas-sdk  /  0.1.3

@whfzgyx/ojo-canvas-sdk@0.1.3

`@touchine/ojo-canvas-sdk` is the browser-facing OJO project canvas SDK.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established by static inspection. The package is a browser canvas SDK/runtime with static assets, configurable host endpoints, and user/runtime-triggered bridge behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
importing mountOjoCanvas or serving dist/runtime/index.html
Impact
No install-time execution or unconsented project/agent control-surface mutation found.
Mechanism
browser iframe runtime with host-provided config and bridge endpoints
Rationale
Scanner findings are explained by a large bundled browser runtime, localization strings, framework/vendor code, and static asset/API references. The unusual scope/name mismatch is suspicious provenance-wise but source inspection did not show concrete malicious behavior.
Evidence
package.jsonREADME.mddist/host/index.jsdist/runtime/manifest.jsondist/runtime/index.htmldist/runtime/assets/contribution-DIZlos6s.jsdist/runtime/assets/preview-mode-utils-BsVumX2C.jsdist/runtime/assets/ja-CO70Pb1Z.js
Network endpoints5
irise-web-canvas-public-assets.rogerhorsleymorris.workers.dev/irise-resources-staging-us-east-1-972778198637.s3.us-east-1.amazonaws.comgenerativelanguage.googleapis.com/apis.google.com/js/api.jswww.google.com/recaptcha/api.js

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json publishes under @whfzgyx while README/runtime strings identify @touchine/ojo-canvas-sdk.
  • Bundled runtime contains Codex/agent bridge UI and host-provided bridge endpoints, activated only by runtime use.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only build/test/prepack scripts.
  • dist/host/index.js only mounts a caller-supplied iframe URL and postMessages config to that iframe origin.
  • dist/runtime/manifest.json lists static canvas assets from a public workers.dev CDN.
  • Search found no child_process, filesystem writes, npm lifecycle mutation, or AI-agent config file writes.
  • Trojan-source scan for bidi/invisible controls in JS assets returned no matches.
  • Network/API behavior is browser runtime and host-endpoint aligned, not install-time exfiltration.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 20 file(s), 3.39 MB of source, external domains: fb.me, figma.com, github.com, irise-resources-staging-us-east-1-972778198637.s3.us-east-1.amazonaws.com, irise-web-canvas-public-assets.rogerhorsleymorris.workers.dev, ojo.dev, prosemirror.net, radix-ui.com, react.dev, reactrouter.com, www.w3.org
Oversized source lightweight scan
dist/runtime/assets/contribution-DIZlos6s.js3.71 MB file, sampled 256 KB
ChildProcessMinifiedUrlStringsirise-web-canvas-public-assets.rogerhorsleymorris.workers.devwww.w3.org

Source & flagged code

4 flagged · loading source
dist/runtime/assets/preview-mode-utils-BsVumX2C.jsView file
31patternName = google_api_key severity = high line = 31 matchedText = caused b...it(`
High
High Secret

Package contains a high-severity secret pattern.

dist/runtime/assets/preview-mode-utils-BsVumX2C.jsView on unpkg · L31
31patternName = google_api_key severity = high line = 31 matchedText = caused b...it(`
High
Secret Pattern

Google API key in dist/runtime/assets/preview-mode-utils-BsVumX2C.js

dist/runtime/assets/preview-mode-utils-BsVumX2C.jsView on unpkg · L31
dist/runtime/assets/ja-CO70Pb1Z.jsView file
3contains invisible/control Unicode U+200B (zero width space) これでターミナルに戻ることができます。`,authorizedCode:`認証されたデバイスコード`,authorizeAnother:`別のデバイスを認証する`,returnHome:`家に帰る`},confirm:{eyebrow:`CLI デバイスの認証`,title:`Ojo CLIを認可する`,description:`Ojo CLI へのアクセスを確認します。`,browserCode:`ブラウザ確認コード`,deviceCode:`デバイスコード`,approv
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/runtime/assets/ja-CO70Pb1Z.jsView on unpkg · L3
dist/runtime/assets/contribution-DIZlos6s.jsView file
path = [redacted]-DIZlos6s.js kind = oversized_source_file sizeBytes = 3890824 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/runtime/assets/contribution-DIZlos6s.jsView on unpkg

Findings

1 Critical3 High3 Medium6 Low
CriticalTrojan Source Unicodedist/runtime/assets/ja-CO70Pb1Z.js
HighHigh Secretdist/runtime/assets/preview-mode-utils-BsVumX2C.js
HighOversized Source Filedist/runtime/assets/contribution-DIZlos6s.js
HighSecret Patterndist/runtime/assets/preview-mode-utils-BsVumX2C.js
MediumDynamic Require
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License